Unrated severityNVD Advisory· Published Dec 10, 2024· Updated Dec 10, 2024

PenDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal

CVE-2024-55602

Description

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (../) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 contains a patch for the issue.

Affected products

Pwncollege/Pwndocv5
Range: < 1d4219c596f4f518798492e48386a20c6e9a2fe6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/JorianWoltjer/8a42e25c6dfa7604020d2a226e193407mitrex_refsource_MISC
github.com/pwndoc/pwndoc/blob/2e7f5747d5688b1368e549c786ce7266fe5ab2b5/backend/src/routes/template.jsmitrex_refsource_MISC
github.com/pwndoc/pwndoc/blob/2e7f5747d5688b1368e549c786ce7266fe5ab2b5/backend/src/routes/template.jsmitrex_refsource_MISC
github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6mitrex_refsource_MISC
github.com/pwndoc/pwndoc/security/advisories/GHSA-2mqc-gg7h-76p6mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000